Is it possible for a brand new USB flash drive that I bought from a reputable company to be reformatted and used for...

Is it possible for a brand new USB flash drive that I bought from a reputable company to be reformatted and used for data transfers, then at some point it becomes infected with malware located somewhere on the flash drive itself which doesn't appear in file explorers, and can spread this virus to other devices?

I don't mean specially made USB flash drives that pretend to be keyboards. I mean correctly made USB flash drives that become infected at a later date but don't appear to have any files on them except my own

Other urls found in this thread:

bigmessowires.com/2014/10/04/badusb-and-the-hidden-microcontroller/
twitter.com/SFWRedditVideos

>Is it possible for a brand new USB flash drive that I bought from a reputable company to be reformatted and used for data transfers, then at some point it becomes infected with malware located somewhere on the flash drive itself which doesn't appear in file explorers, and can spread this virus to other devices?
Yes. This happens especially when you take one HDD out of a computer that is infected and plug it into another. The malware/viruses or what ever you have can leap between drives over SATA, USB or what ever you're using to connect them

Okay but how is this actually done. Does the OS execute arbitrary code located on the device at mount time? If so, why the fuck does it do this, and if not, how does it even execute the malware to implement an infection of the formerly clean OS?

>Okay but how is this actually done. Does the OS execute arbitrary code located on the device at mount time?
I believe its the malware itself. The malware is programmed to try and infect all the drives. Basically the computer gives your infected drive power. The malware obviously has the ability to execute code without your permission or administrator access. If it didn't have access to these low level software obviously it can't do anything and it can't execute.

It doesn't matter what the contents of the malware itself is, something has to cause the OS to execute the malware for it to do anything. The contents are only interpreted upon execution, so they cannot be the thing to cause the execution. Something else must cause it.

Hmmm apparently a flash drive can have its own firmware infected via something called "BadUSB" which even affects SD cards. Fucking Jesus where does this rabbit hole end

Someone please tell me that read-only burnable CDs are safe...

>Someone please tell me that read-only burnable CDs are safe...
This.

pretty sure US sabotaged Iran's nuclear energy project with something like this.

It is entirely possible. USB is flawed at the protocol level.
bigmessowires.com/2014/10/04/badusb-and-the-hidden-microcontroller/

>something has to cause the OS to execute the malware for it to do anything
Many retards have autostart enabled.

Put an autoloading exe on that thing and you're ready to go.

Or just integrade the malware into a normal program that's on the drive.

Yep, the firmware of USB is controllers is not secured at all and because almost EVERYTHING can be USB connected (e.g. Ethernet) the amount of attack vectors is mind-boggling.
The only way to fix this is to completely change the way USB is implemented and that's just not going to happen.

That's not a flaw in the protocol.

I think not being even able to see device firmware is a security flaw. Why isn't that a flaw?

The protocol allows to make a USB device that offers such a function.

>STUXNET

Yes but because it is not mandatory it is still an exploitable flaw. But you are right, a secure way to check firmware can be implemented.

>Yes but because it is not mandatory
It isn't mandatory to let the firmware be programmable over its USB interface either.
The whole issue can be solved by not letting everyone who figures out your proprietary commands flash the firmware and instead only allow signed firmware.

This. Ideally I would like companies to offer flash drives that have (according to them at least - you have to trust someone somewhere in the stack unfortunately) read-only firmware memory by design which cannot be flashed. I would also like a hardware level read-only switch which physically disconnects the bus which allows writing to the flash modules. Anyone know if this exists? I doubt it and it would probably be super expensive because it's a niche item.

>I don't mean specially made USB flash drives that pretend to be keyboards. I mean correctly made USB flash drives that become infected at a later date but don't appear to have any files on them except my own
usb flash drives that don't use the hid driver (enabling them to act as both a flash drive and a keyboard/mouse) require you or your operating system to actively execute the contents for anything bad to happen, you're not dealing with fucking magic here, execute malicious code and the attacker gets remote code execution, that isn't to say flash drives are safe if they don't use the hid driver but at most they can't do anything that good opsec won't catch in the first place
to put it another way, badusb exploits have been around for a good few years now, if they were THAT effective at what fearmongers purport them to be then you'd have the whole offensive security scene raving about their new toys that can infect any computer with physical access, instead you get a footnote in the 'physical attacks' sections

tldr don't be a brainlet and you won't be infected

There isn't even anything that mandates USB devices to have firmware. The USB protocol could be implemented at the VHDL level if the manufacturer wanted to. It's just easier to use a microcontroller. More importantly, if USB devices don't want to be infectable, they shouldn't implement firmware updating.

you're right, unfortunately those cheap ARM controllers are really ubiquitious.

also:
>VHDL level
>>>VHDL level
it's hardware level. VHSIC Hardware Description Language is just a description of the gates and how they interact. Verilog is another HDL.
>>>VHDL level
>VHDL level

>it's hardware level
I know, but saying "hardware level" is just a lot more ambiguous. Arguably, a microcontroller with a program ROM implements whatever it does "at the hardware level".

Whoever cleans their motherboard like that deserves to be curb stomped.

...

DON NOT WASH ALUMINUM COOLERS/RADIATORS WITH WATER!!!

You can wash motherboard even with tap water and dish soap, but make sure it would be rinsed and dried 100% properly after that.
One more thing - take off any metal parts to bare minimum (primarily radiators) before washing in water, not like a retard on the OP's picture

> he doesn't pressure wash his technology clean
Git gud faggot.

I would also recommend a rinse with isopropyl alcohol once you have rinsed the soap off, displaces the water and leaves zero residue.